Anyway, the best option for security is to have a dedicated device to access your wallet. This device should never be used to browse the web - better if it doesn't even have a browser at all. And, of course, it must be physically safe. Back up and encrypt your wallet too.

And, well, you should consider dropping Windows. At least IE should be banned, in case you happen to use that browser.

mybitcoin.com is the last place I would look for security. They did nothing about the MtGox security breach, so users lost over 4k BTC from the site.

What could they possibly have done? They were actually quite preemptive, blocking and changing passwords of same-name accounts. You cannot blame them for (1) MtGox leaking its passwords and (2) people using the same username/password on both sites, which are so related and critical in terms of security.

Where's my squinty eyes smilie when I need it?

But that's a vastly different story from what I heard. I heard they did nothing, then a week after the MtGox hack, a bot logged in to dozens of mybitcoin accounts and emptied them all within minutes. If that's not true, and they forced a password change of same-name accounts, then more power to 'em.

One way to make it more widespread is to make it so people don't have to rely on Linux to secure their wallets.

Certainly it would be nice not to be advised by Linux fanboys that it's the only way to go in every thread.

I agree, especially since the advice usually doesn't even take into account whether the machine is an old XP or a fully patched and protected Windows 7.

The thing is, for many small businesses, they have one machine and it's a Windows box. Setting up multiple boxes is fun and all, but not necessarily cost-effective if the business is just looking to grab a few extra clients by accepting bitcoin.

I own a pizza shop and I want to accept bitcoins but I'm still majorly concerned about how to keep my coins secure on Windows.

Easy solution is to have a 2 tier wallet.

One is your everyday wallet - use it to accept payments you can see are confirmed by the time the pizza is ready - and at various points throughout the day you transfer portions (or all) to your second wallet stored on a USB stick in a bank deposit box or safe.

No block explorer necessary.

If someone steals your wallet.dat, they can only ever steal a day's takings (or however high you let it go). If money goes missing, you delete your wallet.dat, clean/format and better secure your PC, and get a new wallet.dat.

The only way an employee can steal bitcoins is by either transferring to a strange key, or stealing the wallet.dat file (so you'll lose as much as you allow in that account at any one time). If you basically transfer to the safe wallet as soon as payment is "confirmed", there shouldn't be much loss at all.

For a store that was worried about setting up a wallet on Windows, couldn't they make a few addresses for payments on their personal computer? Then when a client pays they quickly look for a payment on bitcoincharts.com/bitcoin. You just have to refresh the page and use find. For small transactions I don't know if many would try tricking that. I know you can, but for less than 1 BTC?

First off, the cash register need not allow the employee to access the entire wallet (unless he hacks into the box, but if that's happening your problem should be solved by firing him and maybe even calling the cops). Then, it can sweep out Bitcoins at predefined intervals or amounts to a back office wallet, similar to putting $20 and larger bills in the safe (only the employee doesn't need to do anything; it can happen automatically).

There's almost nothing on the market that can be adapted to do this right now. It's an active research topic for me. I may just end up building a prototype and finding a pizza shop somewhere that wants to accept Bitcoins to field test it.
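
The two-tier wallet and automatic sweep described in the posts above, as an added example that is not part of any post in this thread: it replays a constructed day of confirmed receipts against a hypothetical `SweepPolicy` (float, ceiling, interval) and reports the largest balance the register wallet ever held, which is what a stolen wallet.dat could have spent. All names and amounts are assumptions, and no wallet software is called.

```python
from dataclasses import dataclass

SATS = 100_000_000  # satoshis per BTC; integers avoid float rounding


@dataclass(frozen=True)
class SweepPolicy:
    float_sats: int    # left in the register wallet (e.g. for small refunds)
    ceiling_sats: int  # sweep as soon as the balance exceeds this
    interval_s: int    # also sweep whenever this much time has elapsed


def simulate(policy, payments, start=0):
    """Replay confirmed receipts [(unix_time, sats), ...] sorted by time.

    Returns (sweeps, max_exposure, balance): the transfers to the back-office
    wallet as [(time, sats)], the largest balance the register wallet ever
    held, and the final register balance.
    """
    balance, last_sweep, sweeps, max_exposure = 0, start, [], 0

    def sweep(at):
        nonlocal balance, last_sweep
        moved = balance - policy.float_sats
        if moved > 0:
            sweeps.append((at, moved))
            balance -= moved
        last_sweep = at

    for t, sats in payments:
        elapsed = t - last_sweep
        if elapsed >= policy.interval_s:
            # Timer fired while the shop was idle; balance only grows on
            # receipts, so replaying it here gives the same exposure.
            sweep(last_sweep + elapsed // policy.interval_s * policy.interval_s)
        balance += sats
        max_exposure = max(max_exposure, balance)
        if balance > policy.ceiling_sats:
            sweep(t)
    return sweeps, max_exposure, balance


# Constructed sample day: (seconds since opening, amount received).
PAYMENTS = [(600, 20_000_000), (1200, 20_000_000), (1800, 30_000_000),
            (2400, 10_000_000), (6000, 25_000_000)]
POLICY = SweepPolicy(float_sats=5_000_000, ceiling_sats=50_000_000,
                     interval_s=3600)

if __name__ == "__main__":
    sweeps, worst, left = simulate(POLICY, PAYMENTS)
    print(sweeps, worst / SATS, left / SATS)
```

The worst-case exposure is bounded by the ceiling plus the largest single payment, since the balance is checked only after a receipt lands.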

That would be pretty cool!! I guess almost all transactions would be one way except for the rare case of refunds. That would be the only time they'd need access to send BTC. You could almost have it so all employees can only deposit. All money is sent to an address that only the owner can access. For refunds, print out a slip saying payment will be sent to an address. Then the owner can authorize all spends at the end of the day with the list of refunds. (I guess the customer would have to accept a slight delay in refund but it's quicker than some refunds!)

In a retail situation, you usually have refunds being done by a manager, or by dedicated customer service people. It's easy enough to authorize specific employees to do refunds up to whatever amount you desire.

The hard part is actually sending the refund to the customer. You can't send to either the change address or any of the inputs, as the customer might have been using an online wallet service and the service will not know what to do with the payment. The customer will most likely have to supply an address to receive the refund. This is easily done via email or other online support methods. In person it's less easy today, but will become easier in time as the bitcoin URI scheme and QR codes become more widespread.

Refunding to a different address/location/medium is what could get a business into big trouble imho.

When you purchase with a credit card, the store isn't allowed to refund that purchase to cash, or to any other credit card, it can only be refunded back to the same card, to hinder money laundering.

I'm not exactly sure they're not allowed... no one's going to punish them for refunding cash, it just makes sense for them to choose not to. The store benefits from the policy two ways: first, by not eating a ~2% fee on money they never got, and perhaps second, so they don't face a risk of a chargeback and eating the 100%. (By refunding the card, they're not exposed to a chargeback, because they have essentially already granted it.)

I can think of a great practical way for retail merchants to accept bitcoins today. Someone should start a business that prints a small deck of pre-printed Bitcoin addresses on business card stock.

When someone pays BTC to such an address, the business owner immediately gets an automatic SMS that informs him that a payment has been received, and the amount. The customer redeems the business card sort of as though it were a gift card, and the business owner writes "spent" on it and keeps it.

The cash register doesn't need to be concerned with being a "wallet" - the business owner simply logs onto a website later and sweeps all the received BTC anywhere he wants it.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper wallets instead.

This. I like the idea of two wallets. One is long term savings and one is cash. It's the Bitcoin version of what most people do - a bank account for saving and cash on hand for spending you pull out via ATM. In this case you don't need to go to an ATM.